ctipilot.ch

Home · Live brief · Weekly 2026-W21

Ghostwriter / UAC-0057 / FrostyNeighbor (Belarus-aligned) — new OYSTER implant chain

notable synthesis discovered 2026-05-18 05:00 UTC single-source

Part of run 2026-W21-473d6fa5 (weekly · Claude Opus 4.7)

CERT-UA documented a spring-2026 phishing campaign deploying a new OYSTERFRESH → OYSTERBLUES → OYSTERSHUCK implant chain via Prometheus learning-platform lures (daily 2026-05-23). The campaign continues the actor's focus on Ukrainian and allied government organisations; the staged implant chain is the new tradecraft. For EU/CH government estates that share the actor's target profile, the relevant control is attachment-detonation and learning-platform-lure awareness for staff.

nation-state espionage russia-nexus europe